From 6d46f0123445f70acdc529c2cfdc0e0b0c88f687 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 12 Sep 2014 17:51:05 -0700 Subject: [PATCH] 3.14-stable patches added patches: mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch mips-gic-prevent-array-overrun.patch mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch mips-octeon-make-get_system_type-thread-safe.patch mips-prevent-user-from-setting-fcsr-cause-bits.patch mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch mips-remove-bug_on-is_fpu_owner-in-do_ade.patch mips-tlbex-fix-a-missing-statement-for-hugetlb.patch --- ...finitions-available-at-the-same-time.patch | 363 ++++++++++++++++++ .../mips-gic-prevent-array-overrun.patch | 43 +++ ...cause-incorrect-system-call-restarts.patch | 63 +++ ...eon-make-get_system_type-thread-safe.patch | 66 ++++ ...nt-user-from-setting-fcsr-cause-bits.patch | 58 +++ ...se-correct-core-dump-register-layout.patch | 287 ++++++++++++++ ...ask-s-flags-in-task_user_regset_view.patch | 33 ++ ...remove-bug_on-is_fpu_owner-in-do_ade.patch | 62 +++ ...-fix-a-missing-statement-for-hugetlb.patch | 40 ++ queue-3.14/series | 9 + 10 files changed, 1024 insertions(+) create mode 100644 queue-3.14/mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch create mode 100644 queue-3.14/mips-gic-prevent-array-overrun.patch create mode 100644 queue-3.14/mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch create mode 100644 queue-3.14/mips-octeon-make-get_system_type-thread-safe.patch create mode 100644 queue-3.14/mips-prevent-user-from-setting-fcsr-cause-bits.patch create mode 100644 queue-3.14/mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch create mode 100644 queue-3.14/mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch create mode 100644 queue-3.14/mips-remove-bug_on-is_fpu_owner-in-do_ade.patch create mode 100644 queue-3.14/mips-tlbex-fix-a-missing-statement-for-hugetlb.patch diff --git a/queue-3.14/mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch b/queue-3.14/mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch new file mode 100644 index 00000000000..c524cf4d552 --- /dev/null +++ b/queue-3.14/mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch @@ -0,0 +1,363 @@ +From bcec7c8da6b092b1ff3327fd83c2193adb12f684 Mon Sep 17 00:00:00 2001 +From: Alex Smith +Date: Wed, 23 Jul 2014 14:40:08 +0100 +Subject: MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time + +From: Alex Smith + +commit bcec7c8da6b092b1ff3327fd83c2193adb12f684 upstream. + +Get rid of the WANT_COMPAT_REG_H test and instead define both the 32- +and 64-bit register offset definitions at the same time with +MIPS{32,64}_ prefixes, then define the existing EF_* names to the +correct definitions for the kernel's bitness. + +This patch is a prerequisite of the following bug fix patch. + +Signed-off-by: Alex Smith +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/7451/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/reg.h | 256 +++++++++++++++++++++++++-------------- + arch/mips/kernel/binfmt_elfo32.c | 32 +--- + 2 files changed, 180 insertions(+), 108 deletions(-) + +--- a/arch/mips/include/asm/reg.h ++++ b/arch/mips/include/asm/reg.h +@@ -12,116 +12,194 @@ + #ifndef __ASM_MIPS_REG_H + #define __ASM_MIPS_REG_H + +- +-#if defined(CONFIG_32BIT) || defined(WANT_COMPAT_REG_H) +- +-#define EF_R0 6 +-#define EF_R1 7 +-#define EF_R2 8 +-#define EF_R3 9 +-#define EF_R4 10 +-#define EF_R5 11 +-#define EF_R6 12 +-#define EF_R7 13 +-#define EF_R8 14 +-#define EF_R9 15 +-#define EF_R10 16 +-#define EF_R11 17 +-#define EF_R12 18 +-#define EF_R13 19 +-#define EF_R14 20 +-#define EF_R15 21 +-#define EF_R16 22 +-#define EF_R17 23 +-#define EF_R18 24 +-#define EF_R19 25 +-#define EF_R20 26 +-#define EF_R21 27 +-#define EF_R22 28 +-#define EF_R23 29 +-#define EF_R24 30 +-#define EF_R25 31 ++#define MIPS32_EF_R0 6 ++#define MIPS32_EF_R1 7 ++#define MIPS32_EF_R2 8 ++#define MIPS32_EF_R3 9 ++#define MIPS32_EF_R4 10 ++#define MIPS32_EF_R5 11 ++#define MIPS32_EF_R6 12 ++#define MIPS32_EF_R7 13 ++#define MIPS32_EF_R8 14 ++#define MIPS32_EF_R9 15 ++#define MIPS32_EF_R10 16 ++#define MIPS32_EF_R11 17 ++#define MIPS32_EF_R12 18 ++#define MIPS32_EF_R13 19 ++#define MIPS32_EF_R14 20 ++#define MIPS32_EF_R15 21 ++#define MIPS32_EF_R16 22 ++#define MIPS32_EF_R17 23 ++#define MIPS32_EF_R18 24 ++#define MIPS32_EF_R19 25 ++#define MIPS32_EF_R20 26 ++#define MIPS32_EF_R21 27 ++#define MIPS32_EF_R22 28 ++#define MIPS32_EF_R23 29 ++#define MIPS32_EF_R24 30 ++#define MIPS32_EF_R25 31 + + /* + * k0/k1 unsaved + */ +-#define EF_R26 32 +-#define EF_R27 33 ++#define MIPS32_EF_R26 32 ++#define MIPS32_EF_R27 33 + +-#define EF_R28 34 +-#define EF_R29 35 +-#define EF_R30 36 +-#define EF_R31 37 ++#define MIPS32_EF_R28 34 ++#define MIPS32_EF_R29 35 ++#define MIPS32_EF_R30 36 ++#define MIPS32_EF_R31 37 + + /* + * Saved special registers + */ +-#define EF_LO 38 +-#define EF_HI 39 ++#define MIPS32_EF_LO 38 ++#define MIPS32_EF_HI 39 + +-#define EF_CP0_EPC 40 +-#define EF_CP0_BADVADDR 41 +-#define EF_CP0_STATUS 42 +-#define EF_CP0_CAUSE 43 +-#define EF_UNUSED0 44 +- +-#define EF_SIZE 180 +- +-#endif +- +-#if defined(CONFIG_64BIT) && !defined(WANT_COMPAT_REG_H) +- +-#define EF_R0 0 +-#define EF_R1 1 +-#define EF_R2 2 +-#define EF_R3 3 +-#define EF_R4 4 +-#define EF_R5 5 +-#define EF_R6 6 +-#define EF_R7 7 +-#define EF_R8 8 +-#define EF_R9 9 +-#define EF_R10 10 +-#define EF_R11 11 +-#define EF_R12 12 +-#define EF_R13 13 +-#define EF_R14 14 +-#define EF_R15 15 +-#define EF_R16 16 +-#define EF_R17 17 +-#define EF_R18 18 +-#define EF_R19 19 +-#define EF_R20 20 +-#define EF_R21 21 +-#define EF_R22 22 +-#define EF_R23 23 +-#define EF_R24 24 +-#define EF_R25 25 ++#define MIPS32_EF_CP0_EPC 40 ++#define MIPS32_EF_CP0_BADVADDR 41 ++#define MIPS32_EF_CP0_STATUS 42 ++#define MIPS32_EF_CP0_CAUSE 43 ++#define MIPS32_EF_UNUSED0 44 ++ ++#define MIPS32_EF_SIZE 180 ++ ++#define MIPS64_EF_R0 0 ++#define MIPS64_EF_R1 1 ++#define MIPS64_EF_R2 2 ++#define MIPS64_EF_R3 3 ++#define MIPS64_EF_R4 4 ++#define MIPS64_EF_R5 5 ++#define MIPS64_EF_R6 6 ++#define MIPS64_EF_R7 7 ++#define MIPS64_EF_R8 8 ++#define MIPS64_EF_R9 9 ++#define MIPS64_EF_R10 10 ++#define MIPS64_EF_R11 11 ++#define MIPS64_EF_R12 12 ++#define MIPS64_EF_R13 13 ++#define MIPS64_EF_R14 14 ++#define MIPS64_EF_R15 15 ++#define MIPS64_EF_R16 16 ++#define MIPS64_EF_R17 17 ++#define MIPS64_EF_R18 18 ++#define MIPS64_EF_R19 19 ++#define MIPS64_EF_R20 20 ++#define MIPS64_EF_R21 21 ++#define MIPS64_EF_R22 22 ++#define MIPS64_EF_R23 23 ++#define MIPS64_EF_R24 24 ++#define MIPS64_EF_R25 25 + + /* + * k0/k1 unsaved + */ +-#define EF_R26 26 +-#define EF_R27 27 ++#define MIPS64_EF_R26 26 ++#define MIPS64_EF_R27 27 + + +-#define EF_R28 28 +-#define EF_R29 29 +-#define EF_R30 30 +-#define EF_R31 31 ++#define MIPS64_EF_R28 28 ++#define MIPS64_EF_R29 29 ++#define MIPS64_EF_R30 30 ++#define MIPS64_EF_R31 31 + + /* + * Saved special registers + */ +-#define EF_LO 32 +-#define EF_HI 33 +- +-#define EF_CP0_EPC 34 +-#define EF_CP0_BADVADDR 35 +-#define EF_CP0_STATUS 36 +-#define EF_CP0_CAUSE 37 ++#define MIPS64_EF_LO 32 ++#define MIPS64_EF_HI 33 + +-#define EF_SIZE 304 /* size in bytes */ ++#define MIPS64_EF_CP0_EPC 34 ++#define MIPS64_EF_CP0_BADVADDR 35 ++#define MIPS64_EF_CP0_STATUS 36 ++#define MIPS64_EF_CP0_CAUSE 37 ++ ++#define MIPS64_EF_SIZE 304 /* size in bytes */ ++ ++#if defined(CONFIG_32BIT) ++ ++#define EF_R0 MIPS32_EF_R0 ++#define EF_R1 MIPS32_EF_R1 ++#define EF_R2 MIPS32_EF_R2 ++#define EF_R3 MIPS32_EF_R3 ++#define EF_R4 MIPS32_EF_R4 ++#define EF_R5 MIPS32_EF_R5 ++#define EF_R6 MIPS32_EF_R6 ++#define EF_R7 MIPS32_EF_R7 ++#define EF_R8 MIPS32_EF_R8 ++#define EF_R9 MIPS32_EF_R9 ++#define EF_R10 MIPS32_EF_R10 ++#define EF_R11 MIPS32_EF_R11 ++#define EF_R12 MIPS32_EF_R12 ++#define EF_R13 MIPS32_EF_R13 ++#define EF_R14 MIPS32_EF_R14 ++#define EF_R15 MIPS32_EF_R15 ++#define EF_R16 MIPS32_EF_R16 ++#define EF_R17 MIPS32_EF_R17 ++#define EF_R18 MIPS32_EF_R18 ++#define EF_R19 MIPS32_EF_R19 ++#define EF_R20 MIPS32_EF_R20 ++#define EF_R21 MIPS32_EF_R21 ++#define EF_R22 MIPS32_EF_R22 ++#define EF_R23 MIPS32_EF_R23 ++#define EF_R24 MIPS32_EF_R24 ++#define EF_R25 MIPS32_EF_R25 ++#define EF_R26 MIPS32_EF_R26 ++#define EF_R27 MIPS32_EF_R27 ++#define EF_R28 MIPS32_EF_R28 ++#define EF_R29 MIPS32_EF_R29 ++#define EF_R30 MIPS32_EF_R30 ++#define EF_R31 MIPS32_EF_R31 ++#define EF_LO MIPS32_EF_LO ++#define EF_HI MIPS32_EF_HI ++#define EF_CP0_EPC MIPS32_EF_CP0_EPC ++#define EF_CP0_BADVADDR MIPS32_EF_CP0_BADVADDR ++#define EF_CP0_STATUS MIPS32_EF_CP0_STATUS ++#define EF_CP0_CAUSE MIPS32_EF_CP0_CAUSE ++#define EF_UNUSED0 MIPS32_EF_UNUSED0 ++#define EF_SIZE MIPS32_EF_SIZE ++ ++#elif defined(CONFIG_64BIT) ++ ++#define EF_R0 MIPS64_EF_R0 ++#define EF_R1 MIPS64_EF_R1 ++#define EF_R2 MIPS64_EF_R2 ++#define EF_R3 MIPS64_EF_R3 ++#define EF_R4 MIPS64_EF_R4 ++#define EF_R5 MIPS64_EF_R5 ++#define EF_R6 MIPS64_EF_R6 ++#define EF_R7 MIPS64_EF_R7 ++#define EF_R8 MIPS64_EF_R8 ++#define EF_R9 MIPS64_EF_R9 ++#define EF_R10 MIPS64_EF_R10 ++#define EF_R11 MIPS64_EF_R11 ++#define EF_R12 MIPS64_EF_R12 ++#define EF_R13 MIPS64_EF_R13 ++#define EF_R14 MIPS64_EF_R14 ++#define EF_R15 MIPS64_EF_R15 ++#define EF_R16 MIPS64_EF_R16 ++#define EF_R17 MIPS64_EF_R17 ++#define EF_R18 MIPS64_EF_R18 ++#define EF_R19 MIPS64_EF_R19 ++#define EF_R20 MIPS64_EF_R20 ++#define EF_R21 MIPS64_EF_R21 ++#define EF_R22 MIPS64_EF_R22 ++#define EF_R23 MIPS64_EF_R23 ++#define EF_R24 MIPS64_EF_R24 ++#define EF_R25 MIPS64_EF_R25 ++#define EF_R26 MIPS64_EF_R26 ++#define EF_R27 MIPS64_EF_R27 ++#define EF_R28 MIPS64_EF_R28 ++#define EF_R29 MIPS64_EF_R29 ++#define EF_R30 MIPS64_EF_R30 ++#define EF_R31 MIPS64_EF_R31 ++#define EF_LO MIPS64_EF_LO ++#define EF_HI MIPS64_EF_HI ++#define EF_CP0_EPC MIPS64_EF_CP0_EPC ++#define EF_CP0_BADVADDR MIPS64_EF_CP0_BADVADDR ++#define EF_CP0_STATUS MIPS64_EF_CP0_STATUS ++#define EF_CP0_CAUSE MIPS64_EF_CP0_CAUSE ++#define EF_SIZE MIPS64_EF_SIZE + + #endif /* CONFIG_64BIT */ + +--- a/arch/mips/kernel/binfmt_elfo32.c ++++ b/arch/mips/kernel/binfmt_elfo32.c +@@ -72,12 +72,6 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N + + #include + +-/* +- * When this file is selected, we are definitely running a 64bit kernel. +- * So using the right regs define in asm/reg.h +- */ +-#define WANT_COMPAT_REG_H +- + /* These MUST be defined before elf.h gets included */ + extern void elf32_core_copy_regs(elf_gregset_t grp, struct pt_regs *regs); + #define ELF_CORE_COPY_REGS(_dest, _regs) elf32_core_copy_regs(_dest, _regs); +@@ -149,21 +143,21 @@ void elf32_core_copy_regs(elf_gregset_t + { + int i; + +- for (i = 0; i < EF_R0; i++) ++ for (i = 0; i < MIPS32_EF_R0; i++) + grp[i] = 0; +- grp[EF_R0] = 0; ++ grp[MIPS32_EF_R0] = 0; + for (i = 1; i <= 31; i++) +- grp[EF_R0 + i] = (elf_greg_t) regs->regs[i]; +- grp[EF_R26] = 0; +- grp[EF_R27] = 0; +- grp[EF_LO] = (elf_greg_t) regs->lo; +- grp[EF_HI] = (elf_greg_t) regs->hi; +- grp[EF_CP0_EPC] = (elf_greg_t) regs->cp0_epc; +- grp[EF_CP0_BADVADDR] = (elf_greg_t) regs->cp0_badvaddr; +- grp[EF_CP0_STATUS] = (elf_greg_t) regs->cp0_status; +- grp[EF_CP0_CAUSE] = (elf_greg_t) regs->cp0_cause; +-#ifdef EF_UNUSED0 +- grp[EF_UNUSED0] = 0; ++ grp[MIPS32_EF_R0 + i] = (elf_greg_t) regs->regs[i]; ++ grp[MIPS32_EF_R26] = 0; ++ grp[MIPS32_EF_R27] = 0; ++ grp[MIPS32_EF_LO] = (elf_greg_t) regs->lo; ++ grp[MIPS32_EF_HI] = (elf_greg_t) regs->hi; ++ grp[MIPS32_EF_CP0_EPC] = (elf_greg_t) regs->cp0_epc; ++ grp[MIPS32_EF_CP0_BADVADDR] = (elf_greg_t) regs->cp0_badvaddr; ++ grp[MIPS32_EF_CP0_STATUS] = (elf_greg_t) regs->cp0_status; ++ grp[MIPS32_EF_CP0_CAUSE] = (elf_greg_t) regs->cp0_cause; ++#ifdef MIPS32_EF_UNUSED0 ++ grp[MIPS32_EF_UNUSED0] = 0; + #endif + } + diff --git a/queue-3.14/mips-gic-prevent-array-overrun.patch b/queue-3.14/mips-gic-prevent-array-overrun.patch new file mode 100644 index 00000000000..4430e0709df --- /dev/null +++ b/queue-3.14/mips-gic-prevent-array-overrun.patch @@ -0,0 +1,43 @@ +From ffc8415afab20bd97754efae6aad1f67b531132b Mon Sep 17 00:00:00 2001 +From: Jeffrey Deans +Date: Thu, 17 Jul 2014 09:20:56 +0100 +Subject: MIPS: GIC: Prevent array overrun + +From: Jeffrey Deans + +commit ffc8415afab20bd97754efae6aad1f67b531132b upstream. + +A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK +mapping causes the cpu parameter to gic_setup_intr() to be increased +to 32, causing memory corruption when pcpu_masks[] is written to again +later in the function. + +Signed-off-by: Jeffrey Deans +Signed-off-by: Markos Chandras +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/7375/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/irq-gic.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/mips/kernel/irq-gic.c ++++ b/arch/mips/kernel/irq-gic.c +@@ -255,11 +255,13 @@ static void __init gic_setup_intr(unsign + + /* Setup Intr to Pin mapping */ + if (pin & GIC_MAP_TO_NMI_MSK) { ++ int i; ++ + GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin); + /* FIXME: hack to route NMI to all cpu's */ +- for (cpu = 0; cpu < NR_CPUS; cpu += 32) { ++ for (i = 0; i < NR_CPUS; i += 32) { + GICWRITE(GIC_REG_ADDR(SHARED, +- GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)), ++ GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)), + 0xffffffff); + } + } else { diff --git a/queue-3.14/mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch b/queue-3.14/mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch new file mode 100644 index 00000000000..dfb4f0213bc --- /dev/null +++ b/queue-3.14/mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch @@ -0,0 +1,63 @@ +From e90e6fddc57055c4c6b57f92787fea1c065d440b Mon Sep 17 00:00:00 2001 +From: Alex Smith +Date: Wed, 23 Jul 2014 14:40:11 +0100 +Subject: MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts + +From: Alex Smith + +commit e90e6fddc57055c4c6b57f92787fea1c065d440b upstream. + +On 32-bit/O32, pt_regs has a padding area at the beginning into which the +syscall arguments passed via the user stack are copied. 4 arguments +totalling 16 bytes are copied to offset 16 bytes into this area, however +the area is only 24 bytes long. This means the last 2 arguments overwrite +pt_regs->regs[{0,1}]. + +If a syscall function returns an error, handle_sys stores the original +syscall number in pt_regs->regs[0] for syscall restart. signal.c checks +whether regs[0] is non-zero, if it is it will check whether the syscall +return value is one of the ERESTART* codes to see if it must be +restarted. + +Should a syscall be made that results in a non-zero value being copied +off the user stack into regs[0], and then returns a positive (non-error) +value that matches one of the ERESTART* error codes, this can be mistaken +for requiring a syscall restart. + +While the possibility for this to occur has always existed, it is made +much more likely to occur by commit 46e12c07b3b9 ("MIPS: O32 / 32-bit: +Always copy 4 stack arguments."), since now every syscall will copy 4 +arguments and overwrite regs[0], rather than just those with 7 or 8 +arguments. + +Since that commit, booting Debian under a 32-bit MIPS kernel almost +always results in a hang early in boot, due to a wait4 syscall returning +a PID that matches one of the ERESTART* codes, which then causes an +incorrect restart of the syscall. + +The problem is fixed by increasing the size of the padding area so that +arguments copied off the stack will not overwrite pt_regs->regs[{0,1}]. + +Signed-off-by: Alex Smith +Reviewed-by: Aurelien Jarno +Tested-by: Aurelien Jarno +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/7454/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/ptrace.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/include/asm/ptrace.h ++++ b/arch/mips/include/asm/ptrace.h +@@ -23,7 +23,7 @@ + struct pt_regs { + #ifdef CONFIG_32BIT + /* Pad bytes for argument save space on the stack. */ +- unsigned long pad0[6]; ++ unsigned long pad0[8]; + #endif + + /* Saved main processor registers. */ diff --git a/queue-3.14/mips-octeon-make-get_system_type-thread-safe.patch b/queue-3.14/mips-octeon-make-get_system_type-thread-safe.patch new file mode 100644 index 00000000000..10df0250bd6 --- /dev/null +++ b/queue-3.14/mips-octeon-make-get_system_type-thread-safe.patch @@ -0,0 +1,66 @@ +From 608308682addfdc7b8e2aee88f0e028331d88e4d Mon Sep 17 00:00:00 2001 +From: Aaro Koskinen +Date: Tue, 22 Jul 2014 14:51:08 +0300 +Subject: MIPS: OCTEON: make get_system_type() thread-safe + +From: Aaro Koskinen + +commit 608308682addfdc7b8e2aee88f0e028331d88e4d upstream. + +get_system_type() is not thread-safe on OCTEON. It uses static data, +also more dangerous issue is that it's calling cvmx_fuse_read_byte() +every time without any synchronization. Currently it's possible to get +processes stuck looping forever in kernel simply by launching multiple +readers of /proc/cpuinfo: + + (while true; do cat /proc/cpuinfo > /dev/null; done) & + (while true; do cat /proc/cpuinfo > /dev/null; done) & + ... + +Fix by initializing the system type string only once during the early +boot. + +Signed-off-by: Aaro Koskinen +Reviewed-by: Markos Chandras +Patchwork: http://patchwork.linux-mips.org/patch/7437/ +Signed-off-by: James Hogan +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/cavium-octeon/setup.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/arch/mips/cavium-octeon/setup.c ++++ b/arch/mips/cavium-octeon/setup.c +@@ -458,6 +458,18 @@ static void octeon_halt(void) + octeon_kill_core(NULL); + } + ++static char __read_mostly octeon_system_type[80]; ++ ++static int __init init_octeon_system_type(void) ++{ ++ snprintf(octeon_system_type, sizeof(octeon_system_type), "%s (%s)", ++ cvmx_board_type_to_string(octeon_bootinfo->board_type), ++ octeon_model_get_string(read_c0_prid())); ++ ++ return 0; ++} ++early_initcall(init_octeon_system_type); ++ + /** + * Return a string representing the system type + * +@@ -465,11 +477,7 @@ static void octeon_halt(void) + */ + const char *octeon_board_type_string(void) + { +- static char name[80]; +- sprintf(name, "%s (%s)", +- cvmx_board_type_to_string(octeon_bootinfo->board_type), +- octeon_model_get_string(read_c0_prid())); +- return name; ++ return octeon_system_type; + } + + const char *get_system_type(void) diff --git a/queue-3.14/mips-prevent-user-from-setting-fcsr-cause-bits.patch b/queue-3.14/mips-prevent-user-from-setting-fcsr-cause-bits.patch new file mode 100644 index 00000000000..8030cbf7a61 --- /dev/null +++ b/queue-3.14/mips-prevent-user-from-setting-fcsr-cause-bits.patch @@ -0,0 +1,58 @@ +From b1442d39fac2fcfbe6a4814979020e993ca59c9e Mon Sep 17 00:00:00 2001 +From: Paul Burton +Date: Tue, 22 Jul 2014 14:21:21 +0100 +Subject: MIPS: Prevent user from setting FCSR cause bits + +From: Paul Burton + +commit b1442d39fac2fcfbe6a4814979020e993ca59c9e upstream. + +If one or more matching FCSR cause & enable bits are set in saved thread +context then when that context is restored the kernel will take an FP +exception. This is of course undesirable and considered an oops, leading +to the kernel writing a backtrace to the console and potentially +rebooting depending upon the configuration. Thus the kernel avoids this +situation by clearing the cause bits of the FCSR register when handling +FP exceptions and after emulating FP instructions. + +However the kernel does not prevent userland from setting arbitrary FCSR +cause & enable bits via ptrace, using either the PTRACE_POKEUSR or +PTRACE_SETFPREGS requests. This means userland can trivially cause the +kernel to oops on any system with an FPU. Prevent this from happening +by clearing the cause bits when writing to the saved FCSR context via +ptrace. + +This problem appears to exist at least back to the beginning of the git +era in the PTRACE_POKEUSR case. + +Signed-off-by: Paul Burton +Cc: linux-mips@linux-mips.org +Cc: Paul Burton +Cc: stable@vger.kernel.org +Patchwork: https://patchwork.linux-mips.org/patch/7438/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/ptrace.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/mips/kernel/ptrace.c ++++ b/arch/mips/kernel/ptrace.c +@@ -170,6 +170,7 @@ int ptrace_setfpregs(struct task_struct + __get_user(fregs[i], i + (__u64 __user *) data); + + __get_user(child->thread.fpu.fcr31, data + 64); ++ child->thread.fpu.fcr31 &= ~FPU_CSR_ALL_X; + + /* FIR may not be written. */ + +@@ -724,7 +725,7 @@ long arch_ptrace(struct task_struct *chi + break; + #endif + case FPC_CSR: +- child->thread.fpu.fcr31 = data; ++ child->thread.fpu.fcr31 = data & ~FPU_CSR_ALL_X; + break; + case DSP_BASE ... DSP_BASE + 5: { + dspreg_t *dregs; diff --git a/queue-3.14/mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch b/queue-3.14/mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch new file mode 100644 index 00000000000..dee717f8d6b --- /dev/null +++ b/queue-3.14/mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch @@ -0,0 +1,287 @@ +From c23b3d1a53119849dc3c23c417124deb067aa33d Mon Sep 17 00:00:00 2001 +From: Alex Smith +Date: Wed, 23 Jul 2014 14:40:09 +0100 +Subject: MIPS: ptrace: Change GP regset to use correct core dump register layout + +From: Alex Smith + +commit c23b3d1a53119849dc3c23c417124deb067aa33d upstream. + +Commit 6a9c001b7ec3 ("MIPS: Switch ELF core dumper to use regsets.") +switched the core dumper to use regsets, however the GP regset code +simply makes a direct copy of the kernel's pt_regs, which does not +match the original core dump register layout as defined in asm/reg.h. +Furthermore, the definition of pt_regs can vary with certain Kconfig +variables, therefore the GP regset can never be relied upon to return +registers in the same layout. + +Therefore, this patch changes the GP regset to match the original core +dump layout. The layout differs for 32- and 64-bit processes, so +separate implementations of the get/set functions are added for the +32- and 64-bit regsets. + +Signed-off-by: Alex Smith +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/7452/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/ptrace.c | 189 ++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 160 insertions(+), 29 deletions(-) + +--- a/arch/mips/kernel/ptrace.c ++++ b/arch/mips/kernel/ptrace.c +@@ -265,36 +265,160 @@ int ptrace_set_watch_regs(struct task_st + + /* regset get/set implementations */ + +-static int gpr_get(struct task_struct *target, +- const struct user_regset *regset, +- unsigned int pos, unsigned int count, +- void *kbuf, void __user *ubuf) ++#if defined(CONFIG_32BIT) || defined(CONFIG_MIPS32_O32) ++ ++static int gpr32_get(struct task_struct *target, ++ const struct user_regset *regset, ++ unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) + { + struct pt_regs *regs = task_pt_regs(target); ++ u32 uregs[ELF_NGREG] = {}; ++ unsigned i; + +- return user_regset_copyout(&pos, &count, &kbuf, &ubuf, +- regs, 0, sizeof(*regs)); ++ for (i = MIPS32_EF_R1; i <= MIPS32_EF_R31; i++) { ++ /* k0/k1 are copied as zero. */ ++ if (i == MIPS32_EF_R26 || i == MIPS32_EF_R27) ++ continue; ++ ++ uregs[i] = regs->regs[i - MIPS32_EF_R0]; ++ } ++ ++ uregs[MIPS32_EF_LO] = regs->lo; ++ uregs[MIPS32_EF_HI] = regs->hi; ++ uregs[MIPS32_EF_CP0_EPC] = regs->cp0_epc; ++ uregs[MIPS32_EF_CP0_BADVADDR] = regs->cp0_badvaddr; ++ uregs[MIPS32_EF_CP0_STATUS] = regs->cp0_status; ++ uregs[MIPS32_EF_CP0_CAUSE] = regs->cp0_cause; ++ ++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0, ++ sizeof(uregs)); + } + +-static int gpr_set(struct task_struct *target, +- const struct user_regset *regset, +- unsigned int pos, unsigned int count, +- const void *kbuf, const void __user *ubuf) ++static int gpr32_set(struct task_struct *target, ++ const struct user_regset *regset, ++ unsigned int pos, unsigned int count, ++ const void *kbuf, const void __user *ubuf) + { +- struct pt_regs newregs; +- int ret; ++ struct pt_regs *regs = task_pt_regs(target); ++ u32 uregs[ELF_NGREG]; ++ unsigned start, num_regs, i; ++ int err; ++ ++ start = pos / sizeof(u32); ++ num_regs = count / sizeof(u32); ++ ++ if (start + num_regs > ELF_NGREG) ++ return -EIO; ++ ++ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0, ++ sizeof(uregs)); ++ if (err) ++ return err; ++ ++ for (i = start; i < num_regs; i++) { ++ /* ++ * Cast all values to signed here so that if this is a 64-bit ++ * kernel, the supplied 32-bit values will be sign extended. ++ */ ++ switch (i) { ++ case MIPS32_EF_R1 ... MIPS32_EF_R25: ++ /* k0/k1 are ignored. */ ++ case MIPS32_EF_R28 ... MIPS32_EF_R31: ++ regs->regs[i - MIPS32_EF_R0] = (s32)uregs[i]; ++ break; ++ case MIPS32_EF_LO: ++ regs->lo = (s32)uregs[i]; ++ break; ++ case MIPS32_EF_HI: ++ regs->hi = (s32)uregs[i]; ++ break; ++ case MIPS32_EF_CP0_EPC: ++ regs->cp0_epc = (s32)uregs[i]; ++ break; ++ } ++ } ++ ++ return 0; ++} + +- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, +- &newregs, +- 0, sizeof(newregs)); +- if (ret) +- return ret; ++#endif /* CONFIG_32BIT || CONFIG_MIPS32_O32 */ ++ ++#ifdef CONFIG_64BIT ++ ++static int gpr64_get(struct task_struct *target, ++ const struct user_regset *regset, ++ unsigned int pos, unsigned int count, ++ void *kbuf, void __user *ubuf) ++{ ++ struct pt_regs *regs = task_pt_regs(target); ++ u64 uregs[ELF_NGREG] = {}; ++ unsigned i; + +- *task_pt_regs(target) = newregs; ++ for (i = MIPS64_EF_R1; i <= MIPS64_EF_R31; i++) { ++ /* k0/k1 are copied as zero. */ ++ if (i == MIPS64_EF_R26 || i == MIPS64_EF_R27) ++ continue; ++ ++ uregs[i] = regs->regs[i - MIPS64_EF_R0]; ++ } ++ ++ uregs[MIPS64_EF_LO] = regs->lo; ++ uregs[MIPS64_EF_HI] = regs->hi; ++ uregs[MIPS64_EF_CP0_EPC] = regs->cp0_epc; ++ uregs[MIPS64_EF_CP0_BADVADDR] = regs->cp0_badvaddr; ++ uregs[MIPS64_EF_CP0_STATUS] = regs->cp0_status; ++ uregs[MIPS64_EF_CP0_CAUSE] = regs->cp0_cause; ++ ++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0, ++ sizeof(uregs)); ++} ++ ++static int gpr64_set(struct task_struct *target, ++ const struct user_regset *regset, ++ unsigned int pos, unsigned int count, ++ const void *kbuf, const void __user *ubuf) ++{ ++ struct pt_regs *regs = task_pt_regs(target); ++ u64 uregs[ELF_NGREG]; ++ unsigned start, num_regs, i; ++ int err; ++ ++ start = pos / sizeof(u64); ++ num_regs = count / sizeof(u64); ++ ++ if (start + num_regs > ELF_NGREG) ++ return -EIO; ++ ++ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0, ++ sizeof(uregs)); ++ if (err) ++ return err; ++ ++ for (i = start; i < num_regs; i++) { ++ switch (i) { ++ case MIPS64_EF_R1 ... MIPS64_EF_R25: ++ /* k0/k1 are ignored. */ ++ case MIPS64_EF_R28 ... MIPS64_EF_R31: ++ regs->regs[i - MIPS64_EF_R0] = uregs[i]; ++ break; ++ case MIPS64_EF_LO: ++ regs->lo = uregs[i]; ++ break; ++ case MIPS64_EF_HI: ++ regs->hi = uregs[i]; ++ break; ++ case MIPS64_EF_CP0_EPC: ++ regs->cp0_epc = uregs[i]; ++ break; ++ } ++ } + + return 0; + } + ++#endif /* CONFIG_64BIT */ ++ + static int fpr_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, +@@ -322,14 +446,16 @@ enum mips_regset { + REGSET_FPR, + }; + ++#if defined(CONFIG_32BIT) || defined(CONFIG_MIPS32_O32) ++ + static const struct user_regset mips_regsets[] = { + [REGSET_GPR] = { + .core_note_type = NT_PRSTATUS, + .n = ELF_NGREG, + .size = sizeof(unsigned int), + .align = sizeof(unsigned int), +- .get = gpr_get, +- .set = gpr_set, ++ .get = gpr32_get, ++ .set = gpr32_set, + }, + [REGSET_FPR] = { + .core_note_type = NT_PRFPREG, +@@ -349,14 +475,18 @@ static const struct user_regset_view use + .n = ARRAY_SIZE(mips_regsets), + }; + ++#endif /* CONFIG_32BIT || CONFIG_MIPS32_O32 */ ++ ++#ifdef CONFIG_64BIT ++ + static const struct user_regset mips64_regsets[] = { + [REGSET_GPR] = { + .core_note_type = NT_PRSTATUS, + .n = ELF_NGREG, + .size = sizeof(unsigned long), + .align = sizeof(unsigned long), +- .get = gpr_get, +- .set = gpr_set, ++ .get = gpr64_get, ++ .set = gpr64_set, + }, + [REGSET_FPR] = { + .core_note_type = NT_PRFPREG, +@@ -369,25 +499,26 @@ static const struct user_regset mips64_r + }; + + static const struct user_regset_view user_mips64_view = { +- .name = "mips", ++ .name = "mips64", + .e_machine = ELF_ARCH, + .ei_osabi = ELF_OSABI, + .regsets = mips64_regsets, +- .n = ARRAY_SIZE(mips_regsets), ++ .n = ARRAY_SIZE(mips64_regsets), + }; + ++#endif /* CONFIG_64BIT */ ++ + const struct user_regset_view *task_user_regset_view(struct task_struct *task) + { + #ifdef CONFIG_32BIT + return &user_mips_view; +-#endif +- ++#else + #ifdef CONFIG_MIPS32_O32 +- if (test_tsk_thread_flag(task, TIF_32BIT_REGS)) +- return &user_mips_view; ++ if (test_tsk_thread_flag(task, TIF_32BIT_REGS)) ++ return &user_mips_view; + #endif +- + return &user_mips64_view; ++#endif + } + + long arch_ptrace(struct task_struct *child, long request, diff --git a/queue-3.14/mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch b/queue-3.14/mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch new file mode 100644 index 00000000000..17fa551ff35 --- /dev/null +++ b/queue-3.14/mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch @@ -0,0 +1,33 @@ +From 65768a1a92cb12cbba87588927cf597a65d560aa Mon Sep 17 00:00:00 2001 +From: Alex Smith +Date: Wed, 23 Jul 2014 14:40:07 +0100 +Subject: MIPS: ptrace: Test correct task's flags in task_user_regset_view() + +From: Alex Smith + +commit 65768a1a92cb12cbba87588927cf597a65d560aa upstream. + +task_user_regset_view() should test for TIF_32BIT_REGS in the flags of +the specified task, not of the current task. + +Signed-off-by: Alex Smith +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/7450/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/ptrace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/kernel/ptrace.c ++++ b/arch/mips/kernel/ptrace.c +@@ -383,7 +383,7 @@ const struct user_regset_view *task_user + #endif + + #ifdef CONFIG_MIPS32_O32 +- if (test_thread_flag(TIF_32BIT_REGS)) ++ if (test_tsk_thread_flag(task, TIF_32BIT_REGS)) + return &user_mips_view; + #endif + diff --git a/queue-3.14/mips-remove-bug_on-is_fpu_owner-in-do_ade.patch b/queue-3.14/mips-remove-bug_on-is_fpu_owner-in-do_ade.patch new file mode 100644 index 00000000000..acf9bf20384 --- /dev/null +++ b/queue-3.14/mips-remove-bug_on-is_fpu_owner-in-do_ade.patch @@ -0,0 +1,62 @@ +From 2e5767a27337812f6850b3fa362419e2f085e5c3 Mon Sep 17 00:00:00 2001 +From: Huacai Chen +Date: Wed, 16 Jul 2014 09:19:16 +0800 +Subject: MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade() + +From: Huacai Chen + +commit 2e5767a27337812f6850b3fa362419e2f085e5c3 upstream. + +In do_ade(), is_fpu_owner() isn't preempt-safe. For example, when an +unaligned ldc1 is executed, do_cpu() is called and then FPU will be +enabled (and TIF_USEDFPU will be set for the current process). Then, +do_ade() is called because the access is unaligned. If the current +process is preempted at this time, TIF_USEDFPU will be cleard. So when +the process is scheduled again, BUG_ON(!is_fpu_owner()) is triggered. + +This small program can trigger this BUG in a preemptible kernel: + +int main (int argc, char *argv[]) +{ + double u64[2]; + + while (1) { + asm volatile ( + ".set push \n\t" + ".set noreorder \n\t" + "ldc1 $f3, 4(%0) \n\t" + ".set pop \n\t" + ::"r"(u64): + ); + } + + return 0; +} + +V2: Remove the BUG_ON() unconditionally due to Paul's suggestion. + +Signed-off-by: Huacai Chen +Signed-off-by: Jie Chen +Signed-off-by: Rui Wang +Cc: John Crispin +Cc: Steven J. Hill +Cc: linux-mips@linux-mips.org +Cc: Fuxin Zhang +Cc: Zhangjin Wu +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/unaligned.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/arch/mips/kernel/unaligned.c ++++ b/arch/mips/kernel/unaligned.c +@@ -605,7 +605,6 @@ static void emulate_load_store_insn(stru + case sdc1_op: + die_if_kernel("Unaligned FP access in kernel code", regs); + BUG_ON(!used_math()); +- BUG_ON(!is_fpu_owner()); + + lose_fpu(1); /* Save FPU state for the emulator. */ + res = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1, diff --git a/queue-3.14/mips-tlbex-fix-a-missing-statement-for-hugetlb.patch b/queue-3.14/mips-tlbex-fix-a-missing-statement-for-hugetlb.patch new file mode 100644 index 00000000000..1d586f3a105 --- /dev/null +++ b/queue-3.14/mips-tlbex-fix-a-missing-statement-for-hugetlb.patch @@ -0,0 +1,40 @@ +From 8393c524a25609a30129e4a8975cf3b91f6c16a5 Mon Sep 17 00:00:00 2001 +From: Huacai Chen +Date: Tue, 29 Jul 2014 14:54:40 +0800 +Subject: MIPS: tlbex: Fix a missing statement for HUGETLB + +From: Huacai Chen + +commit 8393c524a25609a30129e4a8975cf3b91f6c16a5 upstream. + +In commit 2c8c53e28f1 (MIPS: Optimize TLB handlers for Octeon CPUs) +build_r4000_tlb_refill_handler() is modified. But it doesn't compatible +with the original code in HUGETLB case. Because there is a copy & paste +error and one line of code is missing. It is very easy to produce a bug +with LTP's hugemmap05 test. + +Signed-off-by: Huacai Chen +Signed-off-by: Binbin Zhou +Cc: John Crispin +Cc: Steven J. Hill +Cc: linux-mips@linux-mips.org +Cc: Fuxin Zhang +Cc: Zhangjin Wu +Patchwork: https://patchwork.linux-mips.org/patch/7496/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/tlbex.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/mips/mm/tlbex.c ++++ b/arch/mips/mm/tlbex.c +@@ -1295,6 +1295,7 @@ static void build_r4000_tlb_refill_handl + } + #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT + uasm_l_tlb_huge_update(&l, p); ++ UASM_i_LW(&p, K0, 0, K1); + build_huge_update_entries(&p, htlb_info.huge_pte, K1); + build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random, + htlb_info.restore_scratch); diff --git a/queue-3.14/series b/queue-3.14/series index 79b5ec5690a..f317831d784 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -39,3 +39,12 @@ scsi_scan-restrict-sequential-scan-to-256-luns.patch scsi-add-a-blacklist-flag-which-enables-vpd-page-inquiries.patch scsi-do-not-issue-scsi-rsoc-command-to-promise-vtrak-e610f.patch scsi_transport_srp-fix-fast_io_fail_tmo-dev_loss_tmo-off-behavior.patch +mips-gic-prevent-array-overrun.patch +mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch +mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch +mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch +mips-prevent-user-from-setting-fcsr-cause-bits.patch +mips-tlbex-fix-a-missing-statement-for-hugetlb.patch +mips-remove-bug_on-is_fpu_owner-in-do_ade.patch +mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch +mips-octeon-make-get_system_type-thread-safe.patch -- 2.47.3